3 matches found
jsrsasign: DSA signatures or X.509 certificates can be forged via DSA domain-parameter validation in KJUR.crypto.DSA.setPublic
Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...
PT-2026-27056
Name of the Vulnerable Software and Affected Versions: jsrsasign versions prior to 11.1.1
Description: Improper verification of cryptographic signatures occurs due to flawed DSA domain-parameter validation in the KJUR.crypto.DSA.setPublic function and the associated DSA/X509 verification flow in...
SUSE CVE-2023-46234
browserify-sign is a package to duplicate the functionality of node's crypto public key functions; much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in the dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...